Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros The Hacker [email protected] (The Hacker News)
July 4, 2025

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on …


Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission The Hacker [email protected] (The Hacker News)
July 4, 2025

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were …


Big Tech’s Mixed Response to U.S. Treasury Sanctions Krebs on SecurityBrianKrebs
July 3, 2025

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But …


Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams The Hacker [email protected] (The Hacker News)
July 3, 2025

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context …


New Cyber Blueprint Aims to Guide Organizations on AI Journey darkreadingArielle Waldman
July 3, 2025

Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees. Deloitte's new blueprint looks to bridge the …


Dark Web Vendors Shift to Third Parties, Supply Chains darkreadingRobert Lemos, Contributing Writer
July 3, 2025

As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web. As attacks on software …


Criminals Sending QR Codes in Phishing, Malware Campaigns darkreadingArielle Waldman
July 3, 2025

The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware. The Anti-Phishing Working Group observed how attackers are …


IDE Extensions Pose Hidden Risks to Software Supply Chain darkreadingRob Wright
July 3, 2025

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security. Malicious extensions can be engineered to bypass verification checks for popular …


Attackers Impersonate Top Brands in Callback Phishing darkreadingElizabeth Montalbano, Contributing Writer
July 3, 2025

Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers. Microsoft, PayPal, Docusign, and …


CISA Releases Four Industrial Control Systems Advisories AlertsCISA
July 3, 2025

CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-184-01 Hitachi Energy Relion 670/650 …